Privacy Policy

Last Updated: February 9, 2026

This Privacy Policy describes how Heatmap Housing LLC, a Missouri limited liability company ("Heatmap Housing," "Company," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you use our website, application, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please do not use the Service.

This Privacy Policy should be read together with our Terms of Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Email address, name, username, and password (hashed)
• Phone Number: For account verification and security (via SMS)
• Payment Information: Credit/debit card details, billing address (processed by Stripe; we do not store full card numbers)
• Profile Information: Subscription tier, investment preferences, capital range, investment goals, theme preference
• User Content: Saved workspaces, filters, preferences, pipeline plans, tracked properties, and settings
• Communications: Support requests, feedback, and correspondence with us

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, filters applied, searches performed, time spent on platform
• Analytics Events: Login, sign-up, session start, export, and feature usage events tracked for product improvement
• Session Heartbeat: Periodic session activity signals to track active usage
• Device Information: Browser type and version, operating system, device type, screen resolution
• Network Information: IP address, internet service provider, approximate geographic location
• Log Data: Timestamps, access times, referring URLs, error logs, technical diagnostics
• Local Storage: Application state (filters, map position, selections, theme preference) is automatically saved to your browser's localStorage and restored on page refresh. This data stays on your device.
• Cookie Data: Session cookies, preference cookies, and authentication tokens (see Section 5)

1.3 Information from Third Parties

• Authentication Providers: If you sign in with Google (OAuth), we receive your email address, name, and profile picture. We use this only for account creation and authentication.
• Payment Processors: Stripe may provide us with transaction status and billing information

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Maintain the Service

• Create and manage your account
• Process subscriptions and payments
• Deliver the features and functionality you request
• Save your preferences and workspaces
• Provide customer support

2.2 Improve and Develop the Service

• Analyze usage patterns to improve features
• Identify and fix bugs and technical issues
• Develop new features based on user behavior
• Conduct research and analytics (using anonymized data)

2.3 Communicate with You

• Send service-related notifications (account, billing, security)
• Respond to your inquiries and support requests
• Send product updates and announcements (you can opt out)

2.4 Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights, property, and safety

3. How We Share Your Information

We do NOT sell your personal information. We may share your information only in the following circumstances:

3.1 Service Providers

We use trusted third-party service providers to operate the Service. Each provider only receives the information necessary to perform their specific function.

Stripe, Inc. (Payment Processing)

• Purpose: Payment processing, subscription management, fraud detection
• Data Shared: Name, email, billing address, payment card details
• Security: PCI DSS Level 1 certified (highest level)
• Privacy Policy: stripe.com/privacy
• Note: We do NOT store your full credit card number. Stripe provides us with a secure token.

Supabase, Inc. (Database and Authentication)

• Purpose: User authentication, data storage, real-time updates
• Data Shared: Email, password hash, profile data, saved workspaces, usage data
• Security: Data encrypted at rest (AES-256) and in transit (TLS 1.3)
• Data Location: United States (AWS us-east-1)
• Privacy Policy: supabase.com/privacy

Twilio, Inc. (SMS Verification)

• Purpose: Phone number verification for account security
• Data Shared: Phone number, 6-digit verification codes
• Retention: Twilio retains SMS logs for 7 days; we store only verified phone numbers
• Privacy Policy: twilio.com/legal/privacy

Google LLC (OAuth Authentication)

• Purpose: Optional sign-in with Google for account creation and authentication
• Data Shared: Authentication tokens; Google provides us your email, name, and profile picture
• Privacy Policy: policies.google.com/privacy
• Note: Google sign-in is optional. You can use email/password or magic link authentication instead.

Vercel, Inc. (Hosting and CDN)

• Purpose: Application hosting, serverless functions, content delivery
• Data Shared: IP address, browser information, page views, request logs
• Data Location: United States (multi-region)
• Privacy Policy: vercel.com/legal/privacy-policy

3.2 Legal Requirements

We may disclose your information if required to do so by law or if we believe such action is necessary to:

• Comply with a legal obligation, court order, or government request
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public
• Protect against legal liability

3.3 Business Transfers

If Heatmap Housing is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3
• Encryption at Rest: Data stored in our databases is encrypted using AES-256
• Authentication: Secure authentication via Supabase with password hashing (bcrypt)
• Access Controls: Strict access controls limit employee access to personal data
• Monitoring: We monitor for suspicious activity and security incidents
• Regular Audits: We conduct regular security reviews and updates

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

4.1 Security Incident Response

In the event of a data breach that affects your personal information:

• Within 72 hours: We will contain the breach, assess scope, and begin notifying affected users via email
• Within 7 days: We will provide detailed information about what data was affected and steps we're taking
• Within 30 days: We will complete our investigation and file required regulatory notifications

Report suspicious activity: security@heatmaphousing.com

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. We use cookies and similar technologies to operate the Service and improve your experience.

5.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the Service to function and cannot be disabled:

• Authentication Cookies: Keep you logged in between sessions (sb-access-token, sb-refresh-token)
• Security Cookies: Prevent cross-site request forgery (CSRF) attacks
• Load Balancing: Route requests to appropriate servers

Functional Cookies (Optional)

These cookies remember your preferences and settings:

• Preference Cookies: Remember your heatmap settings, saved filters, column order
• UI State: Remember collapsed/expanded panels, selected views

Third-Party Cookies

• Stripe: Fraud detection cookies (__stripe_mid, __stripe_sid)

5.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored
• Delete individual or all cookies
• Block cookies from specific sites
• Block all cookies (note: this will prevent you from using the Service)

Warning: Disabling essential cookies will prevent you from logging in to Heatmap Housing.

5.4 Do Not Track

We honor browser "Do Not Track" signals for non-essential cookies. However, essential cookies required for the Service to function cannot be disabled via DNT signals.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request that we limit how we use your data
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights: Email privacy@heatmaphousing.com with your request. We will respond within 30 days (or 45 days for California residents).

We will not discriminate against you for exercising your privacy rights.

7. Data Retention

We retain your information only as long as necessary for the purposes described in this Policy:

7.1 Active Accounts

• Account Data: Retained while your account is active
• Usage Logs: Retained for 90 days, then aggregated/anonymized
• Support Communications: Retained for 3 years from last contact

7.2 After Account Deletion

• Personal Data: Deleted within 30 days of account deletion request
• Billing Records: Retained for 7 years (IRS requirement)
• Anonymized Analytics: Retained indefinitely (cannot be traced to you)
• Backup Systems: Purged within 90 days (backup rotation cycle)

7.3 Legal Hold

We may retain data longer if required by:

• Active legal proceedings or investigations
• Government requests or court orders
• Fraud prevention requirements

8. How We Use Anonymized Data

We collect and analyze anonymized and aggregated usage patterns to improve the Service. This includes:

• Popular filter combinations and search patterns
• Most-viewed states, markets, and metrics
• Feature usage rates and engagement metrics
• Performance and error analytics

Important: Anonymized data cannot be traced back to individual users. We never sell anonymized data to third parties. We use it solely to improve Heatmap Housing for all users.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request that we disclose:

• Categories of personal information we collect
• Specific pieces of personal information we hold about you
• Categories of sources from which information is collected
• Business purposes for collecting personal information
• Categories of third parties with whom we share personal information

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (legal obligations, completing transactions, security, etc.).

9.3 Right to Correct

You have the right to request correction of inaccurate personal information.

9.4 Right to Opt-Out of Sales

WE DO NOT SELL YOUR PERSONAL INFORMATION. We do not sell, rent, or trade personal information for monetary or other valuable consideration.

9.5 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights by:

• Denying goods or services
• Charging different prices or rates
• Providing a different level or quality of service

9.6 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, phone number, IP address, account ID
• Financial Information: Payment card details (via Stripe), billing address
• Commercial Information: Subscription tier, purchase history
• Internet Activity: Pages viewed, features used, search queries, filters applied
• Geolocation Data: ZIP codes searched, approximate location from IP address
• Inferences: Investment preferences, capital range, investment goals

9.7 How to Exercise Your Rights

Submit a Request: Email privacy@heatmaphousing.com with subject "CCPA Request"
Response Time: We will respond within 45 days (may extend by additional 45 days if necessary)

9.8 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

10.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you subscribed to
• Legitimate Interest: Processing necessary for our legitimate business interests (fraud prevention, security, service improvement)
• Consent: Processing based on your explicit consent (marketing communications)
• Legal Obligation: Processing required to comply with applicable laws

10.2 Your GDPR Rights

• Right to Access (Art. 15): Obtain confirmation and a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Art. 18): Limit how we use your data
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interest
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time for consent-based processing

10.3 How to Exercise Your Rights

Submit a Request: Email privacy@heatmaphousing.com with subject "GDPR Request"
Response Time: We will respond within 30 days

10.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR. A list of EU data protection authorities is available at edpb.europa.eu.

10.5 International Data Transfers

Your data may be transferred to and processed in the United States. We protect international transfers using:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Service providers that participate in recognized data protection frameworks

11. Children's Privacy

Heatmap Housing is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA).

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at privacy@heatmaphousing.com. We will delete the information within 30 days.

By using Heatmap Housing, you represent that you are at least 18 years old.

12. International Users

Heatmap Housing is operated from the United States. If you access the Service from outside the US:

• Your information will be transferred to and processed in the United States
• US privacy laws may differ from those in your country
• By using the Service, you consent to this transfer
• We implement appropriate safeguards as described in Section 10.5

13. Third-Party Links

The Service may contain links to third-party websites (e.g., Zillow, Redfin, county assessor sites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last Updated" date at the top of this page
• We will notify you via email at least 30 days before changes take effect
• We may also post a notice within the Service

Your continued use of the Service after the effective date of changes constitutes acceptance of the revised Privacy Policy. If you do not agree, you must stop using the Service.

15. Contact Information

Heatmap Housing LLC
A Missouri Limited Liability Company
405 W Foxwood Dr
Raymore, MO 64083

Privacy Inquiries:
Email: privacy@heatmaphousing.com
Subject Line: "Privacy Inquiry" or "CCPA Request" or "GDPR Request"

General Support: support@heatmaphousing.com
Security Issues: security@heatmaphousing.com
Legal Notices: legal@heatmaphousing.com

Response Times:
General Inquiries: 2-3 business days
CCPA Requests: 45 days
GDPR Requests: 30 days
Security Reports: 24-48 hours

16. Your Consent

By using Heatmap Housing, you consent to this Privacy Policy and our Terms of Service.